
In the config file there is a selection to recheck pin 12345670 every x cycles. If you selected y/Y then the program at start will check that pin for 90 sec. On cycle two the program will start the brute force attack for the length of time set in the config file. Read the help files for further.

From my testing, I am starting to get the feeling that when I change the MDKTYPE1 variable I tend to collect more pins. Is it possible that we can be more successful if we change attack type on every cycle, or is it just me?

VMR-MDK was written from responses seen from WPS locked routers in real time. MTeams never tested a variable DDOS approach. Therefore if you have a target that responds to variable DDOS please run some tests and find the sequence of DDOS that provides better results. MTeams will write a patch for you to allow the sequence(s) you require. If you find the sequence(s) work, an update to VMR-MDK will be published to allow this feature for community use.

Hi friends and thank you for your help and patience.
Up till today I used the TL-WN722N and it did a very good job (a slow one... but good).
Today I had the ALFA AWUS36NH and it feels like it's not working properly.

I need help with VMR-MDK. When the WASH process starts I get the "ERROR FCS".
I found out that with the alfa-36NH I need to command it like this: wash -i mon --ignore-fcs or wash -i mon -C.

In the last year MTeams has seen WPS locked routers when subjected to the VMR-MDK process which give up pins while locked for a period and then stop. The WPS locked status does not change. After a few days usually if the channel has changed the WPS locked router gives up more pins and then stops again.

Spoofing the mac address to an associated client seems to obtain more pins but this view is subjective. We also have only a few routers in our areas of operation which respond in this manner.

We think the router freezes as aireplay-ng -1 also stops obtaining any router response.

The DDOS process was only 15 to 20 sec. More than that just seems to lock the router completely.

MTeams is sorry for the delay in answering however we had to reload a 2016R2 onto a HardDrive(HD) to see if the mdk3 version would install.

In an i386 HD install of 2016R2 we copied the mdk3-v6 folder to root

Then did the following commands

root@localhost:~# cd mdk3-v6

root@localhost:~/mdk3-v6# make

root@localhost:~/mdk3-v6# make install

root@localhost:~/mdk3-v6# mdk3

And the program ran fine

You probably do not have to do the make install as VMR-MDK runs the program from root so you can keep any newer versions of mdk3 on your computer and only run the Musket version from the folder in root if you want to run the -t probe request from the command line or with VMR-MDK. See the VMR-MDK help files that come with the download.

We see comments in this thread that this mdk3 version may not run in some kali linux versions. However for i386 it runs fine.

In closing remember the VMR-MDK process only works on a small number of routers. The help files tell you how to test for the vulnerability.

Musket Teams

Confirmed. Thanks.

I have to boot into the i386 version in order to compile. This seems to be an issue to take up with whoever maintains mdk3.

Got everything set up. For some reason it's not writing the config file in the VARMAC_CONFIG folder. When I get to the step to select the config file, it doesn't show me an option to select. And I opened the folder to check and it's empty. Any ideas on what I did wrong? Thanks guys for all you do

Please Mmusket33, the new version of Kali comes with reaver version 1.6b and the -a option no longer exists; it no longer works with VMR-MDK-K2_011x8.
Should I change to the old version?
There is a small error on line 6071 of VMR-MDK-K2_011x8, where there is " sleep .1". I think it should be without the point.
I had to change lines 5224 and 5279, where there is "xargs", to "xargs -0". It was giving an error with some bssid.

There is a newer version, VMR-MDK-K2-2016R-011x9.zip. The github link is at the beginning of this thread. We will be happy to correct any errors you find in the newer version and we have loaded your commentary into our bug file for checking.

For your own use you might edit all the reaver command lines embedded in xterm. Just make a copy of the file, remove all the -a entries, save and test.

I tried to use vmr-mdk on kali2017 (kali-linux-2017.1-amd64.iso) (on vmware).
I am using an external wifi card; all programs are OK (fluxion is also OK).
I used VMR-MDK-K2-2016R-011x9 in this sequence:
1-assume it is in root folder
2-chmod +x VMR-MDK-K2-2016R-011x9
3-./VMR-MDK-K2-2016R-011x9
and the program runs.
I followed the steps, but after the program is running it does only stage 1 (Just scan AP Activity) 10 times
and gives me wps pin not found and then needs to restart
(image from output --imgur.com/a/RRy3j--)
What did I do wrong? Please help.

To all users of varmacscan and VMR-MDK. The newer version of reaver version 1.6b has removed the -a entry in the menu. This has caused several problems. Reaver will no longer restart automatically and requires a keyboard entry. MTeams is currently coding around this problem and will issue a REAVER 1.6B version when coding and tests are completed. Simply removing the -a from the reaver command lines will not solve the problem. Furthermore the new wash has removed the -C entry or ignore FCS errors. Older versions continue to function.

Thanks for your answer.
OK, I will test it not on VMware,
but please let me say what I did.
The "reaver" window just shows for less than a second then disappears.
Thanks for your time.
Please tell me what I did wrong, or whether it just does not work in VMware.
Thanks again

I was already using this version VMR-MDK-K2-2016R-011x9, sorry, I copied the title of the topic and did not notice the error.
Before posting I had already removed the -a without success. The changes mentioned refer to the last script, VMR-MDK-K2-2016R-011x9.
Thanks

Musket Teams have released VMR-MDK-K2-2017R-012x2 for Kali 2, 2016, 2017 and all versions of reaver

The aireplay-ng fake auth has been made regenerative.
Several bugs have been corrected, some thanks to dmatrix.
Comments requested by kcdtv have been added.
Script tested in both persistent usb installs and harddrive installs for reaver 1.52 and 1.53 and kali 2016 and 2017 using i386.
Expect the mac changing routines to be slowed. This is to support wifi receivers at the end of five(5) meter extension cables which is the max length allowed.
We do not support VM Ware and amd or persistent usb installs using luks encryption as we cannot test.

To EASD
We have looked thru your jpg images. It looks to us that you are doing nothing wrong. The program looks for a response from the TargetAP. The network you selected simply is not responding to reaver. Try another network, or if you see another client associated to the target enter that client's mac address thru the config file, i.e. spoof the mac and try again. This would check for mac blocking setup in the router firmware.

How to use varmacscan to determine if a WPS Locked router ??MAY?? be susceptible to VMR-MDK

Currently MTeams is writing a module within varmacscan to alert the user if a network may be susceptible to VMR-MDK. Until this rewrite is available, users can employ the following manual method to determine if a WPS locked network ??may?? allow slow but consistent WPS pin harvesting thru the VMR-MDK process.

For reference, MTeams found that some routers although showing a WPS locked state, still gave up a limited number of WPS pins and then stop. It was later found that some of these Networks when exposed to a short intense DDOS process would then allow another cycle of WPS pins to be harvested. Networks then may show one(1) of three(3) possible states when their WPS system is locked.

1. No WPS pins can be collected
2. Limited pins are collected but pin harvesting then permanently stops
3. Limited pins are collected then pin harvesting stops but when subjected to DDOS more pins can be collected.

VMR-MDK was then written to take advantage of this network response.

Using VMR-MDK to determine if a WPS locked network is susceptible can be done but the user must point VMR-MDK at the network to see if pins can slowly be collected. As each network must be individually attacked, testing each WPS locked Network can take some time. Varmacscan however is robotic in nature and scans all networks within range of the wifi receiver. It also writes a logfile.

All log files can be quickly checked for pin harvesting thru the following command line in a terminal window(TW)

grep -l "Pin count advanced:" /root/VARMAC_LOGS/*

If you wish to write to a file called pincollection written to root/ then:

For some reason (probably because I use the t6x fork not the official one in Kali) reaver is not recognized.
Therefore everything is pretty meaningless.
I'm running Kali rolling 4.12.0 but this was the case since I first downloaded the script (4.8.0) so I don't think it's Kali related.
Any advice what should I correct in the script?

If your problem still remains give us some details but this newer version works for us. You can read thru this thread to find the technical details but other bugs are also corrected in this newer release.

The only program that may not run is the mdk3 program in the zip file. That mdk3 version supports invalid essid and that version is only used when running that DDOS attack. All other mdk3 attacks call up the version in kali. Even if you try and run that version of mdk3 all that occurs is the Xterm window for that attack will not run.

Looking for someone that can write a script ??

I have tried to brute force wps pin against locked routers. The only thing working against several routers is the "mdk3 a -a (bssid) m" command. The router resets and I can get pins again. If it can be in an auto loop with a script it will get the pin even though it locks. Tried revdk3; if this script would have the command it would work perfect...

mmusket33

If you brute force this way it continuously resets the router so the user loses his internet connection and it's a matter of time before the user will contact the ISP. So my thoughts on this are that in general most people sleep at night time and if you could set the time that the brute force and resetting starts and ends it would work a lot better.

Due to text output changes in Reaver version 1.63, pixiedust pin extraction modules in VMR-MDK-K2-2017R-012x2.sh and PDDSA-K2-06.sh will no longer function. The code is being corrected and new versions supporting the latest will be posted after testing.

Musket Teams

Heh. Got through all the install and found this post. Just a quick thanks for the time and effort your bunch puts in. Waiting patiently on this end...

VMR-MDK and varmacscan will run using reaver 1.63; however, only the automatic pixiedust pin extraction module will not function. You can run reaver from the command line and collect a data sequence and test for the pin manually until the rewrite is finished.

I have changed the attribute for the entire VMR-MDK-Kali2-Kali2016 folder (chmod 755, as in the manual) and I see 3 VARMAC folders created in the main folder (VARMAC_CONFIG, VARMAC_LOGS, VARMAC_WASH).

What could be the issue here & how do I fix it so that the config created by VMR-MDK is created inside the VARMAC_CONFIG file? It is not possible to proceed further without the config file, as the parameter values are not loaded / show empty fields.

"I have changed the attribute for the entire VMR-MDK-Kali2-Kali2016 folder"

Do not run from the folder - run the script from root?

./VMR-MDK-K2-2017R-012x2.sh

We cannot check if it is a 64 bit problem as we have no 64 bit computers.

MTeams has just finished updating and testing the pixiedust modules in varmacscan and should post that within a day or two. As we speak we are beginning the same work on VMR-MDK. If we find a problem we will post here. Furthermore we should have the VMR-MDK script supporting reaver v1.63 within a week or two.

We tested the script in a persistent usb install of kali-linux-2017.3-i386 and there was no issue.

There is a copy of the config file in the package. You could just place that file in the VARMAC_CONFIG folder then update or change the entries with a text editor. You can name as required and select the file at the prompt.

Please keep us advised

MTeams

Thank you Team, I managed to solve the issue thanks to your post.

The problem was that I was running the script from a folder, rather than directly from root. When executed from root, the VARMAC folders were created and the config file too.

Now, after playing with the script for a while, I have a question whether it would be possible to include the -N (or --no-nacks) option in the config file? There are certain routers (including mine) that will not progress in Reaver without this option. As soon as it is enabled, Reaver manages to test PINs.

Could you please include it in the next release of VMR-MDK or instruct me how can I add it myself?

With reaver no longer being maintained or updated, do you maintain this program too? Also I am having trouble loading the program even when downloaded with firefox in linux. I get no programs. In my opinion Reaver was the best program of wireless hackrams.